mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-16 15:55:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
94524 commits 7 branches 620 tags 2.7 GiB
Commit graph

218 commits

Author SHA1 Message Date
Senthil Kumaran
17742f2d45 [merge from 3.4] - Prevent HTTPoxy attack (CVE-2016-1000110) 
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
 2016-07-30 23:39:06 -07:00
Senthil Kumaran
436fe5a447 [merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110) 
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
 2016-07-30 23:34:34 -07:00
Senthil Kumaran
4cbb23f8f2 Prevent HTTPoxy attack (CVE-2016-1000110) 
Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.
 2016-07-30 23:24:16 -07:00
Martin Panter
e6f060903c Issue #17214: Percent-encode non-ASCII bytes in redirect targets 
Some servers send Location header fields with non-ASCII bytes, but "http.
client" requires the request target to be ASCII-encodable, otherwise a
UnicodeEncodeError is raised. Based on patch by Christian Heimes.

Python 2 does not suffer any problem because it allows non-ASCII bytes in the
HTTP request target.
 2016-05-16 01:14:20 +00:00
Martin Panter
ce6e06874b Issue #14132: Fix redirect handling when target is just a query string 2016-05-16 01:07:13 +00:00
Senthil Kumaran
9642eedc0a Issue #26892: Honor debuglevel flag in urllib.request.HTTPHandler. 
Patch contributed by Chi Hsuan Yen.
 2016-05-13 01:32:42 -07:00
Martin Panter
aa27982ffc Issue #26864: Fix case insensitivity and suffix comparison with no_proxy 
Patch by Xiang Zhang.
 2016-04-30 01:03:40 +00:00
Senthil Kumaran
a7c0ff2f0b Issue #26804: urllib.request will prefer lower_case proxy environment variables 
over UPPER_CASE or Mixed_Case ones.

Patch contributed by Hans-Peter Jansen. Reviewed by Martin Panter and Senthil Kumaran.
 2016-04-25 08:16:23 -07:00
Robert Collins
2fee5c9367 Issue #24021: docstring for urllib.urlcleanup. 
Patch from Daniel Andrade Groppe and Peter Lovett
 2015-08-04 12:52:06 +12:00
Victor Stinner
ab73e65032 Issue #23881: urllib.request.ftpwrapper constructor now closes the socket if 
the FTP connection failed to fix a ResourceWarning.
 2015-04-07 12:49:27 +02:00
Benjamin Peterson
b666697fa8 use context's check_hostname attribute rather than the HTTPSHandler check_hostname parameter 2014-12-07 13:46:02 -05:00
Senthil Kumaran
8b7e161ac3 backport context argument of urlopen (#22366) for pep 476 2014-09-19 15:23:30 +08:00
Serhiy Storchaka
f54c350160 Issue #19524: Fixed resource leak in the HTTP connection when an invalid 
response is received.  Patch by Martin Panter.
 2014-09-06 21:41:39 +03:00
Senthil Kumaran
783737625d Fix Issue #8797: Raise HTTPError on failed Basic Authentication immediately. Initial patch by Sam Bull. 2014-08-20 07:53:58 +05:30
Senthil Kumaran
402df0975c backout changeset 3435c5865cfc due to buildbot failures. Ref #8797 2014-08-16 22:52:37 +05:30
Senthil Kumaran
b2e3a939bf Fix Issue #8797: Raise HTTPError on failed Basic Authentication immediately. Initial patch by Sam Bull. 2014-08-16 14:17:38 +05:30
Senthil Kumaran
bc07ac5180 Fix localhost checking in FileHandler. Raised in #21970. 2014-07-22 00:15:20 -07:00
Benjamin Peterson
3c2dca67ac in ftp cache pruning, avoid changing the size of a dict while iterating over it (closes #21463) 
Patch by Skyler Leigh Amador.
 2014-06-07 15:08:04 -07:00
Senthil Kumaran
d8e24f1f71 Convert urllib.request parse_proxy doctests to unittests. 2014-04-14 16:32:20 -04:00
Benjamin Peterson
78c8538461 fix typo 2014-04-01 16:27:30 -04:00
Benjamin Peterson
5dd3caed2b simplify check, since now there are only new-style classes 2014-04-01 14:20:56 -04:00
Senthil Kumaran
b6fac245b5 Backporing the fix from Issue #12692 2013-12-28 17:36:18 -08:00
Christian Heimes
67986f9431 Issue #19735: Implement private function ssl._create_stdlib_context() to 
create SSLContext objects in Python's stdlib module. It provides a single
configuration point and makes use of SSLContext.load_default_certs().
 2013-11-23 22:43:47 +01:00
Jason R. Coombs
aae6a1d76f Issue #18978: A more elegant technique for resolving the method 2013-09-08 12:54:33 -04:00
Jason R. Coombs
7dc4f4bbab Issue #18978: Allow Request.method to be defined at the class level. 2013-09-08 12:47:07 -04:00
Brett Cannon
cd171c8e92 Issue #18200: Back out usage of ModuleNotFoundError (8d28d44f3a9a) 2013-07-04 17:43:24 -04:00
Brett Cannon
0a140668fa Issue #18200: Update the stdlib (except tests) to use 
ModuleNotFoundError.
 2013-06-13 20:57:26 -04:00
Senthil Kumaran
caa00fec19 Fix #17967 - Fix related to regression on Windows. 
os.path.join(*self.dirs) produces an invalid path on windows.
ftp paths are always forward-slash seperated like this. /pub/dir.
 2013-06-02 11:59:47 -07:00
Senthil Kumaran
dcdadfe39a Fix thishost helper funtion in urllib. Returns the ipaddress of localhost when 
hostname is resolvable by socket.gethostname for local machine. This all fixes
certain freebsd builtbot failures.
 2013-06-01 11:12:17 -07:00
Senthil Kumaran
4e42ae81f6 Fix #17967: For ftp urls CWD to target instead of hopping to each directory 
towards target. This fixes a bug where target is accessible, but parent
directories are restricted.
 2013-06-01 08:27:06 -07:00
Senthil Kumaran
5ccf2ff3e9 merge from 3.3 
Fix #17967 - Fix related to regression on Windows.

os.path.join(*self.dirs) produces an invalid path on windows.
ftp paths are always forward-slash seperated like this. /pub/dir.
 2013-06-02 12:00:45 -07:00
Senthil Kumaran
88249b80d7 merge from 3.3 
Fix thishost helper funtion in urllib. Returns the ipaddress of localhost when
hostname is resolvable by socket.gethostname for local machine. This all fixes
certain freebsd builtbot failures.
 2013-06-01 11:12:52 -07:00
Senthil Kumaran
e9ec2e173d merge from 3.3 
Fix #17967: For ftp urls CWD to target instead of hopping to each directory
towards target. This fixes a bug where target is accessible, but parent
directories are restricted.
 2013-06-01 08:27:53 -07:00
Senthil Kumaran
8307075ce8 Fix #17272 - Make Request.full_url and Request.get_full_url return same result under all circumstances. 
Document the change of Request.full_url to a property.
 2013-05-24 09:14:12 -07:00
Benjamin Peterson
fa6bdc6d86 merge 3.3 2013-05-12 19:02:05 -05:00
Benjamin Peterson
901a278861 use correct format code for exceptions 2013-05-12 19:01:52 -05:00
Senthil Kumaran
5238092592 Issue #17272: Making the urllib.request's Request.full_url a descriptor. Fixes 
bugs with assignment to full_url. Patch by Demian Brecht.
 2013-04-25 05:45:48 -07:00
Senthil Kumaran
4a2ab120f3 Issue #17483: 3.3 Branch - Remove unreachable code in urllib.request 2013-04-04 19:34:02 -07:00
R David Murray
c616604a15 Merge: Use repr when printing unknown url type in urlopen. 2013-04-03 07:01:07 -04:00
R David Murray
d8a46969f7 Use repr when printing unknown url type in urlopen. 2013-04-03 06:58:34 -04:00
Antoine Pitrou
9a8d6934df Issue #17483: remove unreachable code in urlopen(). 2013-04-01 18:55:35 +02:00
R David Murray
9cc7d45571 #17485: Delete the Content-Length header if the data attribute is deleted. 
This is a follow on to issue 16464.  Original patch by Daniel Wozniak.
 2013-03-20 00:10:51 -04:00
Senthil Kumaran
41518b4af0 #17474 - Remove the various deprecated methods of Request class. 2013-03-18 18:06:00 -07:00
Andrew Svetlov
f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Andrew Svetlov
2606a6f197 Issue #16719: Get rid of WindowsError. Use OSError instead 
Patch by Serhiy Storchaka.
 2012-12-19 14:33:35 +02:00
Andrew Svetlov
0832af6628 Issue #16717: get rid of socket.error, replace with OSError 2012-12-18 23:10:48 +02:00
Andrew Svetlov
3438fa496d Get rig of EnvironmentError (#16705) 2012-12-17 23:35:18 +02:00
Andrew Svetlov
bff98fe536 Issue #16464: reset Request's Content-Length header on .data change. 
It will be recalculated on sending request to HTTP server.

Patch by Alexey Kachayev
 2012-11-27 23:06:19 +02:00
Antoine Pitrou
df204be922 Issue #16423: urllib.request now has support for `data:` URLs. 
Patch by Mathias Panzenböck.
 2012-11-24 17:59:08 +01:00
Gregory P. Smith
b696610c2d Fixes issue #16409: The reporthook callback made by the legacy 
urllib.request.urlretrieve API now properly supplies a constant
non-zero block_size as it did in Python 3.2 and 2.7.  This matches the
behavior of urllib.request.URLopener.retrieve.
 2012-11-10 13:44:50 -08:00